7217b974542ea8e3d69211c4280f10b451f0a5d9df60a8ea091d89aa73a78160 | Triage

Sharing

General

Target

7217b974542ea8e3d69211c4280f10b451f0a5d9df60a8ea091d89aa73a78160
Size

605KB
Sample

230829-j98fsseb3w
MD5

ef717a601f11e805a0d67e49a79ad602
SHA1

17c25a39fc5faa931e1e99338c530b801f22397a
SHA256

7217b974542ea8e3d69211c4280f10b451f0a5d9df60a8ea091d89aa73a78160
SHA512

dcb245a5769bc921cabee37efdbaa71e5adb4f3637014d18d5de2dbf039d49b773875a25d6bb5a221614890fd3fb725a77aa2c92160379061058a5a10094a886
SSDEEP

12288:ZC1aCpxcLoP5fx5+rTGHqlXqDqPZyG65+jZvG0XqndyK7xTSZa6tdp:qbccP5Z5+rTGKlMqr65gZvG0XsdyJYw

Score

8^/10

discovery persistence

Malware Config

Targets

- Target
  
  7217b974542ea8e3d69211c4280f10b451f0a5d9df60a8ea091d89aa73a78160
- Size
  
  605KB
- MD5
  
  ef717a601f11e805a0d67e49a79ad602
- SHA1
  
  17c25a39fc5faa931e1e99338c530b801f22397a
- SHA256
  
  7217b974542ea8e3d69211c4280f10b451f0a5d9df60a8ea091d89aa73a78160
- SHA512
  
  dcb245a5769bc921cabee37efdbaa71e5adb4f3637014d18d5de2dbf039d49b773875a25d6bb5a221614890fd3fb725a77aa2c92160379061058a5a10094a886
- SSDEEP
  
  12288:ZC1aCpxcLoP5fx5+rTGHqlXqDqPZyG65+jZvG0XqndyK7xTSZa6tdp:qbccP5Z5+rTGKlMqr65gZvG0XsdyJYw
Score

8^/10

discovery persistence
- Contacts a large (812) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Network Service Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence